Drive-by Rowhammer attack uses GPU to compromise an Android phone

Over the past few years, there has been a steady evolution in Rowhammer, the once largely theoretical attack that exploits physical defects in memory chips to tamper with the security of the devices they run on. On Thursday, researchers are unveiling the most practical demonstration yet of Rowhammer’s power and reach: an exploit that remotely executes malicious code on Android phones by harnessing their graphical processors.

Dubbed GLitch, the exploit is the first to show that GPUs can flip individual bits stored in dynamic random-access memory. The advance gives attackers greater flexibility over previous techniques that relied solely on CPUs. It’s also the first Rowhammer attack that uses standard JavaScript to compromise a smartphone, meaning it can be executed when users do nothing more than visit a malicious website. Another key innovation: on average, GLitch takes less than two minutes to compromise a device, a significant improvement over previous Rowhammer exploits.